CVEdetails.com the ultimate security vulnerability data source

Eyesofnetwork » Eyesofnetwork » 5.1-0 * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.1-0:*:*:*:*:*:*:*
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-14923 | 78 | | Exec Code | 2019-08-16 | 2021-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. |
| 2 | CVE-2017-1000060 | 89 | | Sql | 2017-07-17 | 2021-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root |
| 3 | CVE-2017-16000 | 89 | | Exec Code Sql | 2017-10-29 | 2021-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. |
| 4 | CVE-2017-15933 | 89 | | Exec Code Sql | 2017-10-27 | 2021-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. |
| 5 | CVE-2017-15880 | 89 | | Exec Code Sql | 2017-10-24 | 2021-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). |
| 6 | CVE-2017-15188 | 79 | | XSS | 2017-10-11 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. |
| 7 | CVE-2017-14985 | 79 | | XSS | 2017-10-03 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. |
| 8 | CVE-2017-14984 | 79 | | XSS | 2017-10-03 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. |
| 9 | CVE-2017-14983 | 79 | | XSS | 2017-10-03 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. |
| 10 | CVE-2017-14753 | 79 | | XSS | 2017-09-27 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. |
| 11 | CVE-2017-14405 | 78 | | Exec Code | 2017-09-13 | 2021-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. |
| 12 | CVE-2017-14404 | 200 | | +Info File Inclusion | 2017-09-13 | 2021-02-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. |
| 13 | CVE-2017-14403 | 89 | | Sql | 2017-09-13 | 2021-02-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. |
| 14 | CVE-2017-14402 | 89 | | Sql | 2017-09-13 | 2021-02-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. |
| 15 | CVE-2017-14401 | 89 | | Sql | 2017-09-13 | 2021-02-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. |
| 16 | CVE-2017-14252 | 89 | | Sql | 2017-09-11 | 2021-02-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. |
| 17 | CVE-2017-14247 | 89 | | Sql | 2017-09-11 | 2021-02-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. |
| 18 | CVE-2017-14119 | 78 | | Exec Code | 2017-09-03 | 2021-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. |
| 19 | CVE-2017-14118 | 78 | | Exec Code | 2017-09-03 | 2021-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. |
| 20 | CVE-2017-13780 | 22 | | Dir. Trav. | 2017-08-30 | 2021-02-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. |
Total number of vulnerabilities: 20